On Fri, 30 Aug 2013 09:39:50 -0400
Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Have not done it for a while. You have to label the home dir and tmp
> dir with the same label as you are going to run. Then you might need
> an improved type to get it to start.

I did this:
# chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_HOME
# chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_TMP
$ ls -Z . | grep 123
-rw-rw-r--. Flash Flash unconfined_u:object_r:user_home_t:s0 123
drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_HOME
drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_TMP
$ /usr/bin/sandbox -s -d 96 -l s0:c123,c456 -X
-H /home/Flash/Example_HOME -T /home/Flash/Example_TMP
-I /home/Flash/.config/se-sandbox-runner/tyututiu_90.included
-W kwin -w 1000x700 -t sandbox_x_t -S
The X window blinks, then nothing...
$
What am I doing wrong?
And what is this "an IMPROVED TYPE to get it to start"?
--
Fl@sh
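
A way to check the labelling step from the quoted advice, added here as an example and not part of the original message: it parses `ls -Z` lines and compares each entry's type and MCS level with the values passed to `sandbox -l`. The function names are hypothetical, the sample lines are the listing from the post, and a single level (not an `s0-s0:...` range) is assumed.

```python
def parse_context(ctx):
    """Split user:role:type[:level]; the level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    user, role, setype = parts[:3]
    level = parts[3] if len(parts) == 4 else "s0"
    return user, role, setype, level

def expand_level(level):
    """'s0:c1,c5.c7' -> ('s0', frozenset({1, 5, 6, 7})); order-insensitive."""
    sens, _, cats = level.partition(":")
    numbers = set()
    for item in filter(None, cats.split(",")):
        lo, _, hi = item.partition(".")          # 'c5.c7' is a category range
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        numbers.update(range(lo_n, hi_n + 1))
    return sens, frozenset(numbers)

def check_listing(listing, want_type, want_level):
    """Return {name: [problems]} for each line of `ls -Z` output.

    Assumes the layout shown in the post (mode, user, group, context, name)
    and file names without spaces.
    """
    want = expand_level(want_level)
    report = {}
    for line in listing.strip().splitlines():
        fields = line.split()
        ctx, name = fields[-2], fields[-1]
        _, _, setype, level = parse_context(ctx)
        problems = []
        if setype != want_type:
            problems.append(f"type {setype} != {want_type}")
        if expand_level(level) != want:
            problems.append(f"level {level} != {want_level}")
        report[name] = problems
    return report

# Listing from the post above.
SAMPLE = """
-rw-rw-r--. Flash Flash unconfined_u:object_r:user_home_t:s0 123
drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_HOME
drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_TMP
"""

if __name__ == "__main__":
    for name, problems in check_listing(SAMPLE, "sandbox_file_t", "s0:c123,c456").items():
        print(name, "OK" if not problems else "; ".join(problems))
```

This compares only the entries that appear in the listing; it says nothing about the labels of files inside the directories or about the sandbox type itself.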